ElcomSoft Recovers BlackBerry Device Passwords

(September 29, 2011)

Moscow, Russia (PRWEB) September 29, 2011

ElcomSoft Co. Ltd. updates Elcomsoft Phone Password Breaker with the ability to recover BlackBerry device passwords protecting BlackBerry smartphones. The recovery is possible if the user-selectable Security Password security option is enabled to encrypt media card data. By analyzing information stored on encrypted media cards, Elcomsoft Phone Password Breaker can try millions password combinations per second, recovering a fairly long 7-character password in a matter of hours. With the ability to recover the device password, ElcomSoft does whats been long considered impossible, once again making Elcomsoft Phone Password Breaker the worlds first.

Information stored in BlackBerry devices is securely protected with an individual security password (device password). This password is requested every time the device it being turned on, or every time after a certain timeout if Security Timeout option is selected. If a password in typed incorrectly ten times in a row, all information on the BlackBerry smartphone is wiped clear, leaving no chance of subsequent recovery. This is a security feature, and one of the hallmarks of BlackBerry security model. Until today, it was commonly believed there is no way around the security password.

ElcomSoft has proven this belief wrong. If a user-selectable option to encrypt the contents of a removable media card is selected, Elcomsoft Phone Password Breaker can analyze information stored on the media card and derive the original device password without the need to use the BlackBerry device itself.

BlackBerry smartphones have an option to encrypt the contents of a removable media card, making any information stored on it only accessible to an authorized user. The encryption is disabled by default, but many users opt for enabling the extra security layer. To the contrary of this features intent, those opting for extra security may be actually opening a way for investigators to overcome BlackBerrys hallmark security feature, the device password.

When a BlackBerry user opts for the Security Password option to encrypt the contents of their memory card, it opens an interesting avenue for an attack. Since with this security option the media card is encrypted using the device password, it becomes possible to recover the original device password with a simple dictionary or brute-force attack.

While this method only works if the removable media card is encrypted with user selectable Security Password option, its much better than nothing. ElcomSoft estimates that about 30 per cent of all BlackBerry smartphone users opt to protect their media cards with this option, making their devices open to this attack.

Unlike with Apple iPhone, a BlackBerry device is not required to perform the recovery. A single file from the removable media card is all thats needed. The password recovery rate is in the order of millions passwords per second, meaning that a fairly long 7-character password can be unlocked in less than an hour if the password consists of characters in a single case (all capital or all lower-case) characters.

Knowing the original plain-text device password, investigators can access all information stored in the original BlackBerry device, or produce a backup file for comprehensive off-line analysis.

About Elcomsoft Phone Password Breaker

Elcomsoft Phone Password Breaker provides forensic access to encrypted information stored in popular Apple and BlackBerry devices. By recovering the original password protecting offline backups produced with compatible devices as well as the BlackBerry device password, the tool offers forensic specialists access to SMS and email messages, call history, contacts and organizer data, Web browsing history, voicemail and email accounts and settings stored in those backup files.

Pricing and Availability

Elcomsoft Phone Password Breaker is available immediately. Home and Professional editions are available. Licenses start from $79.

Elcomsoft Phone Password Breaker operates without Apple iTunes or BlackBerry Desktop Software being installed. The ability to recover BlackBerry device passwords is only available in the Professional edition.

About ElcomSoft Co. Ltd.

Founded in 1990, ElcomSoft Co. Ltd. develops state-of-the-art computer forensics tools, provides computer forensics training and computer evidence consulting services. Since 1997, ElcomSoft has been providing support to businesses, law enforcement, military, and intelligence agencies. ElcomSoft tools are used by most of the Fortune 500 corporations, multiple branches of the military all over the world, foreign governments, and all major accounting firms. ElcomSoft and its officers are members of the Russian Cryptology Association. ElcomSoft is a Microsoft Certified Partner and an Intel Software Partner.

Elcomsoft Phone Password Breaker supports Windows XP, Vista, and Windows 7, as well as Windows 2003 and 2008 Server. Elcomsoft Phone Password Breaker Pro is available to North American customers for $199. The Home edition is available for $79. Local pricing may vary. For more information visit http://blackberry.elcomsoft.com/